What are the rules on cookies?

Get a quick overview of the current cookie rules and find out how you can keep your website up to speed and compliant with EU e-Privacy & Data Protection Laws like GDPR and CCPA.

The current rules on cookies stem from the ePrivacy Directive (2002 – revised 2009), also commonly known as the European Cookie Law. If you have a website or webshop, you are subject to the rules on cookies regardless of whether your site is business, government, or privately owned. The ePrivacy Directive clearly states that websites in Europe must collect their users’ consent to cookies before they can store cookies in the users’ browsers.

What do the rules on cookies mean for my website?

Specifically, it means that if your website uses cookies (first- or third-party cookies) you are responsible for:
It’s not enough to inform visitors of the use of cookies; you also need to collect these consents and store them securely for 5 years – this will come in handy if you are subject to an oversight or inquiry by your national Data Protection Authority.
The most convenient way to manage this is through a consent management platform like Cookie Information. Not only does it help you respect global privacy regulations such as GDPR and CCPA, but it also ensures you keep your valuable marketing insights (through its integration with Consent Mode v2) and helps build trust with your website’s visitors through transparent data collection practices.

Checklist for collecting valid cookie consents

  • Inform your visitors about cookies – Ensure your website has a cookie pop-up (cookie banner) and an updated cookie policy. List and describe all the cookies you are using, their purpose, who sets them (third parties) and their duration.
  • Collect and store user consents – This needs to be done before any technically unnecessary cookies are set, and you need to store these consents for 5 years – this ensures you are able to document to authorities that you have collected valid consent, in case of an audit.
  • Offer visitors the option to easily decline cookies (opt-out). This option should be as accessible as giving consent. The buttons should have the same size and be shown next to each other.
  • Ensure that your banner has no pre-ticked checkboxes. Consent should be actively given by the users and cannot be pre-selected for them beforehand.
  • Cookies should be held back until consent is given – In order to respect users’ choices and right to privacy, you cannot set any unnecessary cookies before visitors make their consent choices.

What if I don’t use cookies on my website?

Even if you might not actively use cookies, most websites are setting them anyway. This includes both technical cookies, for example those that remember user preferences such as language and login information, and those set by third-party providers such as Google Analytics, Facebook, Instagram, LinkedIn, Hotjar, etc.
These platforms might be collecting personal information, and you, as a website owner, are responsible for collecting user consent. This is why it is vital that you request cookie consent on your website, even if it’s not you who’s actively using the personal data collected.
If you are in doubt about whether you are using cookies, or whether you are setting any cookies before consent is given, we can scan your website for you – free of charge. You’ll get the answer in your inbox in under 10 minutes!